chore: more fixes

nklomp · nklomp · commit 5597a97c0a4a · 2024-06-15T20:58:13.000+02:00
diff --git a/packages/client/lib/OpenID4VCIClient.ts b/packages/client/lib/OpenID4VCIClient.ts
@@ -225,15 +225,15 @@ export class OpenID4VCIClient {
           endpointMetadata: this.endpointMetadata as EndpointMetadataResultV1_0_11,
           authorizationRequest: this._state.authorizationRequestOpts,
           credentialOffer: this.credentialOffer,
-          credentialsSupported: Object.values(this.getCredentialsSupported()) as CredentialsSupportedLegacy[],
+          credentialsSupported: Object.values(this.getCredentialsSupported(true)) as CredentialsSupportedLegacy[],
         });
       } else {
         this._state.authorizationURL = await createAuthorizationRequestUrl({
           pkce: this._state.pkce,
           endpointMetadata: this.endpointMetadata as EndpointMetadataResultV1_0_13,
           authorizationRequest: this._state.authorizationRequestOpts,
           credentialOffer: this.credentialOffer,
-          credentialConfigurationSupported: this.getCredentialsSupported() as Record<string, CredentialConfigurationSupportedV1_0_13>,
+          credentialConfigurationSupported: this.getCredentialsSupported(false) as Record<string, CredentialConfigurationSupportedV1_0_13>,
         });
       }
     }
@@ -452,31 +452,16 @@ export class OpenID4VCIClient {
     return JSON.stringify(this._state);
   }
 
-  // FIXME: We really should convert <v11 to v12 objects first. Right now the logic doesn't map nicely and is brittle.
-  // We should resolve IDs to objects first in case of strings.
-  // When < v11 convert into a v12 object. When v12 object retain it.
-  // Then match the object array on server metadata
-  getCredentialsSupportedV11(
-    restrictToInitiationTypes: boolean,
-    format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[],
-  ): Record<string, CredentialConfigurationSupported> {
-    return getSupportedCredentials({
-      issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
-      version: this.version(),
-      format: format,
-      types: restrictToInitiationTypes ? this.getCredentialOfferTypes() : undefined,
-    }) as Record<string, CredentialConfigurationSupported>;
-  }
-
   getCredentialsSupported(
+    restrictToInitiationTypes?: boolean,
     format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[],
-  ): Record<string, CredentialConfigurationSupported> {
+  ): Record<string, CredentialConfigurationSupportedV1_0_13> | Array<CredentialConfigurationSupported> {
     return getSupportedCredentials({
       issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
       version: this.version(),
       format: format,
-      types: undefined,
-    }) as Record<string, CredentialConfigurationSupported>;
+      types: restrictToInitiationTypes ? this.getCredentialOfferTypes() : undefined,
+    });
   }
 
   public async sendNotification(
@@ -487,7 +472,7 @@ export class OpenID4VCIClient {
     return sendNotification(credentialRequestOpts, request, accessToken ?? this._state.accessToken ?? this._state.accessTokenResponse?.access_token);
   }
 
-  getCredentialOfferTypes(): string[][] {
+  getCredentialOfferTypes(): string[][] | undefined {
     if (!this.credentialOffer) {
       return [];
     } else if (this.credentialOffer.version < OpenId4VCIVersion.VER_1_0_11) {
@@ -510,7 +495,7 @@ export class OpenID4VCIClient {
       });
     }
     // we don't have this for v13. v13 only has credential_configuration_ids which is not translatable to type
-    return [];
+    return undefined;
   }
 
   issuerSupportedFlowTypes(): AuthzFlowType[] {
diff --git a/packages/client/lib/OpenID4VCIClientV1_0_11.ts b/packages/client/lib/OpenID4VCIClientV1_0_11.ts
@@ -460,15 +460,13 @@ export class OpenID4VCIClientV1_0_11 {
     }) as Record<string, CredentialConfigurationSupported>;
   }
 
-  getCredentialsSupported(
-    format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[],
-  ): Record<string, CredentialConfigurationSupported> {
+  getCredentialsSupported(format?: (OID4VCICredentialFormat | string) | (OID4VCICredentialFormat | string)[]): CredentialConfigurationSupported[] {
     return getSupportedCredentials({
       issuerMetadata: this.endpointMetadata.credentialIssuerMetadata,
       version: this.version(),
       format: format,
       types: undefined,
-    }) as Record<string, CredentialConfigurationSupported>;
+    }) as CredentialConfigurationSupported[];
   }
 
   getCredentialOfferTypes(): string[][] {
diff --git a/packages/client/lib/OpenID4VCIClientV1_0_13.ts b/packages/client/lib/OpenID4VCIClientV1_0_13.ts
@@ -480,7 +480,7 @@ export class OpenID4VCIClientV1_0_13 {
       version: this.version(),
       format: format,
       types: undefined,
-    });
+    }) as Record<string, CredentialConfigurationSupportedV1_0_13>;
   }
 
   public async sendNotification(
@@ -539,7 +539,7 @@ export class OpenID4VCIClientV1_0_13 {
   }
 
   public version(): OpenId4VCIVersion {
-    return this.credentialOffer?.version ?? OpenId4VCIVersion.VER_1_0_11;
+    return this.credentialOffer?.version ?? OpenId4VCIVersion.VER_1_0_13;
   }
 
   public get endpointMetadata(): EndpointMetadataResultV1_0_13 {
diff --git a/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts b/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts
@@ -1,8 +1,16 @@
-import { CodeChallengeMethod, WellKnownEndpoints } from '@sphereon/oid4vci-common';
+import {
+  CodeChallengeMethod,
+  CredentialOfferPayloadV1_0_13,
+  determineSpecVersionFromOffer,
+  determineSpecVersionFromURI,
+  OpenId4VCIVersion,
+  WellKnownEndpoints,
+} from '@sphereon/oid4vci-common';
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-ignore
 import nock from 'nock';
 
+import { createCredentialOfferURIFromObject } from '../../../issuer/lib';
 import { OpenID4VCIClient } from '../OpenID4VCIClient';
 
 const MOCK_URL = 'https://server.example.com/';
@@ -227,3 +235,24 @@ describe('should successfully handle isEbsi function', () => {
     expect(client.isEBSI()).toBe(true);
   });
 });
+
+it('determine to be version 13', async () => {
+  const offer = {
+    grants: {
+      'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+        'pre-authorized_code': 'random',
+      },
+    },
+    credential_configuration_ids: ['Omzetbelasting'],
+    credential_issuer: 'https://example.com',
+  } satisfies CredentialOfferPayloadV1_0_13;
+  const offerUri = createCredentialOfferURIFromObject({ credential_offer: offer });
+
+  expect(determineSpecVersionFromOffer(offer)).toEqual(OpenId4VCIVersion.VER_1_0_13);
+  expect(determineSpecVersionFromURI(offerUri)).toEqual(OpenId4VCIVersion.VER_1_0_13);
+});
+it('determine to be version 11', async () => {
+  const offerUri =
+    'openid-credential-offer://?credential_offer=%7B%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22wN39X8fU4FCU2MaykNRkCr%22%2C%22user_pin_required%22%3Afalse%7D%7D%2C%22credentials%22%3A%5B%22dbc2023%22%5D%2C%22credential_issuer%22%3A%22https%3A%2F%2Fssi.dutchblockchaincoalition.org%2Fagent%22%7D';
+  expect(determineSpecVersionFromURI(offerUri)).toEqual(OpenId4VCIVersion.VER_1_0_11);
+});
diff --git a/packages/common/lib/__tests__/CredentialOfferUtil.spec.ts b/packages/common/lib/__tests__/CredentialOfferUtil.spec.ts
@@ -1,4 +1,4 @@
-import { determineSpecVersionFromURI, getClientIdFromCredentialOfferPayload } from '../functions';
+import { determineSpecVersionFromOffer, determineSpecVersionFromURI, getClientIdFromCredentialOfferPayload } from '../functions';
 import { CredentialOfferPayload, CredentialOfferPayloadV1_0_11, OpenId4VCIVersion } from '../types';
 
 export const UNIT_TEST_TIMEOUT = 30000;
@@ -46,13 +46,27 @@ describe('CredentialOfferUtil should', () => {
   );
 
   it(
-    'get version 11 as default value',
+    'get version 13 as default value',
     async () => {
       expect(determineSpecVersionFromURI('test://uri')).toEqual(OpenId4VCIVersion.VER_1_0_13);
     },
     UNIT_TEST_TIMEOUT,
   );
 
+  it('determine to be version 13', async () => {
+    const offer = {
+      grants: {
+        'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+          'pre-authorized_code': 'random',
+        },
+      },
+      credential_configuration_ids: ['Omzetbelasting'],
+      credential_issuer: 'https://example.com',
+    };
+
+    expect(determineSpecVersionFromOffer(offer)).toEqual(OpenId4VCIVersion.VER_1_0_13);
+  });
+
   it('get client_id from JWT pre-auth code offer', () => {
     const offer: CredentialOfferPayload = {
       credential_issuer: 'https://conformance-test.ebsi.eu/conformance/v3/issuer-mock',
diff --git a/packages/common/lib/functions/IssuerMetadataUtils.ts b/packages/common/lib/functions/IssuerMetadataUtils.ts
@@ -1,3 +1,4 @@
+import { VCI_LOG_COMMON } from '../index';
 import {
   AuthorizationServerMetadata,
   CredentialConfigurationSupported,
@@ -11,59 +12,96 @@ import {
   OpenId4VCIVersion,
 } from '../types';
 
-export function getSupportedCredentials(options?: {
+export function getSupportedCredentials(opts?: {
   issuerMetadata?: CredentialIssuerMetadata | IssuerMetadata;
   version: OpenId4VCIVersion;
   types?: string[][];
   format?: OID4VCICredentialFormat | string | (OID4VCICredentialFormat | string)[];
-}): Record<string, CredentialConfigurationSupportedV1_0_13> {
-  if (options?.types && Array.isArray(options.types)) {
-    return options.types
-      .map((typeSet) => {
-        return getSupportedCredential({ ...options, types: typeSet });
-      })
-      .reduce(
-        (acc, result) => {
-          Object.assign(acc, result);
-          return acc;
-        },
-        {} as Record<string, CredentialConfigurationSupportedV1_0_13>,
-      );
+}): Record<string, CredentialConfigurationSupportedV1_0_13> | Array<CredentialConfigurationSupported> {
+  const {version = OpenId4VCIVersion.VER_1_0_13, types} = opts ?? {}
+  if (types && Array.isArray(types)) {
+    if (version < OpenId4VCIVersion.VER_1_0_13) {
+      return types.flatMap(typeSet => getSupportedCredential({ ...opts, version, types: typeSet }) as Array<CredentialConfigurationSupported>);
+    } else {
+      return types
+        .map((typeSet) => {
+          return getSupportedCredential({ ...opts, version, types: typeSet });
+        })
+        .reduce(
+          (acc, result) => {
+            Object.assign(acc, result);
+            return acc;
+          },
+          {} as Record<string, CredentialConfigurationSupportedV1_0_13>,
+        );
+    }
   }
 
-  return getSupportedCredential(options ? { ...options, types: undefined } : undefined);
+  return getSupportedCredential(opts ? { ...opts, types: undefined } : undefined);
 }
 
 export function getSupportedCredential(opts?: {
   issuerMetadata?: CredentialIssuerMetadata | IssuerMetadata;
   version: OpenId4VCIVersion;
   types?: string | string[];
   format?: OID4VCICredentialFormat | string | (OID4VCICredentialFormat | string)[];
-}): Record<string, CredentialConfigurationSupportedV1_0_13> {
-  const { issuerMetadata, types, format } = opts ?? {};
+}): Record<string, CredentialConfigurationSupportedV1_0_13> | Array<CredentialConfigurationSupported> {
+  const { issuerMetadata, types, format, version = OpenId4VCIVersion.VER_1_0_13 } = opts ?? {};
 
-  if (!issuerMetadata || !issuerMetadata.credential_configurations_supported) {
-    return {};
+  let credentialConfigurationsV11: Array<CredentialConfigurationSupported> | undefined = undefined;
+  let credentialConfigurationsV13: Record<string, CredentialConfigurationSupportedV1_0_13> | undefined = undefined;
+  if (version < OpenId4VCIVersion.VER_1_0_12 || issuerMetadata?.credentials_supported) {
+    credentialConfigurationsV11 = issuerMetadata?.credential_supported ?? [];
+  } else {
+    credentialConfigurationsV13 =
+      (issuerMetadata?.credential_configurations_supported as Record<string, CredentialConfigurationSupportedV1_0_13>) ?? {};
+  }
+  if (!issuerMetadata || (!issuerMetadata.credential_configurations_supported && !issuerMetadata.credentials_supported)) {
+    VCI_LOG_COMMON.warning(`No credential issuer metadata or supported credentials found for issuer}`);
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    return version < OpenId4VCIVersion.VER_1_0_13 ? credentialConfigurationsV11! : credentialConfigurationsV13!;
   }
 
-  const credentialConfigurations: Record<string, CredentialConfigurationSupportedV1_0_13> =
-    issuerMetadata.credential_configurations_supported as Record<string, CredentialConfigurationSupportedV1_0_13>;
   const normalizedTypes: string[] = Array.isArray(types) ? types : types ? [types] : [];
   const normalizedFormats: string[] = Array.isArray(format) ? format : format ? [format] : [];
 
-  return Object.entries(credentialConfigurations).reduce(
-    (filteredConfigs, [id, config]) => {
-      const isTypeMatch = normalizedTypes.length === 0 || normalizedTypes.some((type) => config.credential_definition.type?.includes(type));
-      const isFormatMatch = normalizedFormats.length === 0 || normalizedFormats.includes(config.format);
-
-      if (isTypeMatch && isFormatMatch) {
-        filteredConfigs[id] = config;
+  function filterMatchingConfig(config: CredentialConfigurationSupported): CredentialConfigurationSupported | undefined {
+    let isTypeMatch = normalizedTypes.length === 0;
+    if (!isTypeMatch) {
+      if ('credential_definition' in config) {
+        isTypeMatch = normalizedTypes.some((type) => config.credential_definition.type?.includes(type));
+      } else if ('type' in config && Array.isArray(config.type)) {
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        isTypeMatch = normalizedTypes.some((type) => config.type.includes(type));
+      } else if ('types' in config) {
+        isTypeMatch = normalizedTypes.some((type) => config.types?.includes(type));
       }
+    }
 
-      return filteredConfigs;
-    },
-    {} as Record<string, CredentialConfigurationSupportedV1_0_13>,
-  );
+    const isFormatMatch = normalizedFormats.length === 0 || normalizedFormats.includes(config.format);
+
+    return isTypeMatch && isFormatMatch ? config : undefined;
+  }
+
+  if (credentialConfigurationsV13) {
+    return Object.entries(credentialConfigurationsV13).reduce(
+      (filteredConfigs, [id, config]) => {
+        if (filterMatchingConfig(config)) {
+          filteredConfigs[id] = config;
+          // Added to enable support < 13. We basically assign the
+          if (!config.id) {
+            config.id = id;
+          }
+        }
+        return filteredConfigs;
+      },
+      {} as Record<string, CredentialConfigurationSupportedV1_0_13>,
+    );
+  } else if (credentialConfigurationsV11) {
+    return credentialConfigurationsV11.filter((config) => filterMatchingConfig(config));
+  }
+  throw Error(`Either < v11 configurations or V13 configurations should have been filtered at this point`);
 }
 
 export function getTypesFromCredentialSupported(

Original file line number	Diff line number	Diff line change
`@@ -480,7 +480,7 @@ export class OpenID4VCIClientV1_0_13 {`
`480`	`480`	`version: this.version(),`
`481`	`481`	`format: format,`
`482`	`482`	`types: undefined,`
`483`		`- });`
	`483`	`+ }) as Record<string, CredentialConfigurationSupportedV1_0_13>;`
`484`	`484`	`}`
`485`	`485`
`486`	`486`	`public async sendNotification(`
`@@ -539,7 +539,7 @@ export class OpenID4VCIClientV1_0_13 {`
`539`	`539`	`}`
`540`	`540`
`541`	`541`	`public version(): OpenId4VCIVersion {`
`542`		`- return this.credentialOffer?.version ?? OpenId4VCIVersion.VER_1_0_11;`
	`542`	`+ return this.credentialOffer?.version ?? OpenId4VCIVersion.VER_1_0_13;`
`543`	`543`	`}`
`544`	`544`
`545`	`545`	`public get endpointMetadata(): EndpointMetadataResultV1_0_13 {`